Financial Data
Updated 26 Feb 2020

Your business ransomed: How to avoid becoming a victim of ransomware

Find out why ransomware is such a challenge for businesses in South Africa, and what you can do to ensure your company’s transactional data is out of harm’s way. 

Heinrich van der Vyver, 22 May 2017  Share  0 comments  Print

All the answers to your unique business lifestage questions

You’ve probably seen this before in an action movie: A cyber terrorist hijacks the Pentagon or Whitehouse or ‘blue-chip’ company’s data files, much to everyone’s shock and dismay. Dramatic music builds in the background as spectacled and bearded IT boffs sweat it out, crack a few jokes and, in the knick-of-time, crack the code and save the ‘world’.

It’s not like that in real life – especially in business.

Why you need to guard against ransomware

More and more South African business owners attest to it. Its rather low key in fact; you walk into your office one day - as every other day - but notice the slightly frozen-in-the-headlights expression on your team’s faces, and you know something is horribly wrong.

Then the designated soul says the words you didn’t know you should dread, “They’ve encrypted all our files and want money for the key.” There’s no music, no bearded boffs, just you and an awful sinking feeling in your stomach as your business grinds to an ungainly halt.

You’re not alone. According to Check Point’s report issued recently, South Africa has moved up the list of 117 most attacked countries from 58th position to number 31 in November last year, and we’re steadily climbing with more and more reports of ransomware attacks occurring daily.

Related: Why data security should be a priority for all businesses

How it happens

Usually ransomware penetrates a business’s defences dressed up in an innocent-looking link or attachment on a spam email. Also through visits or clicks on dodgy websites.

Once it is installed and activated, all (as in, all) the files on your server are encrypted and locked. Demands for large payments, usually in a surprisingly non-threatening tone, follow. They state the amount to be paid, typically in the form of untraceable bitcoins, in order to regain access to the encrypted files.

As an all-too-frequent bonus, once payment is made, an additional request for money is issued, presumably because the original amount was paid too swiftly - and is therefore deemed to have been too affordable.

The true cost of ransomware

Usually, it is not so much the ransom itself, but business downtime and other consequences that really hurts your company. The unexpected cost of the ransom will sting, sure, but the knock-on effects of the attack often pose a bigger threat.

  • Lost business time. No access to files and data means no business transactions can be made, which hurts the bottom line big time. The city of San Francisco was forced to give free rides to all commuters after ransomware hit their transportation system.
  • Downtime. Most of your employees will not be able to work, and you face significant productivity losses, regardless of whether you pay the ransom or not.
  • Possible loss of critical data. Some companies only back up their financial data leaving other business-critical data exposed and vulnerable.

Related: Ensure your data does not walk out the door with your employees

How to protect your business

  • Train your team. One key element of protecting your business against ransomware and other malware attacks is security awareness training, which is key to preventing employees from clicking on phishing links in emails.
  • Cloud hosting. Hosting your business data off-site and in the Cloud is a robust security measure against ransomware attacks. “Security at our data centre is paramount,” says Michael Osterloh, founder and managing director of HostAfrica, a growing Cloud hosting company based in Cape Town. “This is the real deal. High tech security safeguards our hardware, and aggressive software security measures keeps the integrity of data sound, so you don’t have to worry about losing data or connectivity.”

The hosted (Cloud) servers are protected against malware by a team of specialists who take responsibility for ensuring that the servers always have the latest updates, are backed up offsite and monitored for any untoward activity. This means that, even if a business’s files are attacked, the backed-up data will be restored within 30 minutes and they can put their business back on its feet again with very little downtime, data loss and productivity deficit.

  • Remote. Probably the biggest risk is exposing your business data through unprotected remote access. We recommend using RemoteApp, which enables you to make programs that are accessed remotely through Remote Desktop. Services appear as if they are running on a local computer. 
  • Layers. There is no complete malware protection package available. Because this is a constantly-evolving threat, each side of the fence is forever playing catch up with each other. Using tools like CryptoPrevent combined with a sharpened awareness to security protocol will ensure your company is better prepared and armed against potential attack.

To stay clear and safe of the risk of ransomware, it is best you employ a layered security approach, combined with comprehensive backup software that is tested regularly, and user education focusing - at a minimum - on safe web browsing and email usage habits.

Rate It12345rating

About the author

Heinrich van der Vyver

Heinrich is the founder of QuickEasy Software’s Business Operating Software (BOS). BOS is a fully integrated operating system that makes information – and control – available to business owners. Integrating everything from quotes, sales, orders, production, purchasing, stock control and accounting, this robust system is deceptively simple to operate. “Our goal was to create business software so easy to use that a single click gives clarity into every aspect of your business. We have done this. Which means you can run your business from the beach, from your home or from anywhere you choose.” Operational clarity is control, and BOS offers that in spades.

Introducing the theft & fidelity protection for your business

Theft and fidelity cover are often confused with each other. Bryan Verpoort discusses the difference between the two and why your business should be putting measures in place for both of these risks.

Login to comment